Docker
I’m looking at adding crowdsec to my home setup. I have traefik and Authentik using cloudflare tunnels. Can anyone point me / help me properly set up my crowdsec container?
20 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command
/resolve
or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Anyone got any help?
are you using a MACVLAN for your containers?
I don’t know what that is, so I assume no. I’m using Docker and assigning most applicable containers to the same Docker network
I haven’t even started setting up crowdsec yet, just don’t want to foul shit up based on what I read about messing up
my docker-compose.yml with some modification to be more vanilla and leave optionals to enable later
with crowdsec and a lot of other containers, they port-forward from the host to their port. This is "neat" but makes firewalls and allowing overlapping ports difficult, and also IDS and so on: when you are looking into events, it can be nice to have an allow rule for the IP of THAT container versus the host that runs the containers
MACVLAN takes care of this, but you don't have to do that; you might then have to use non-standard ports somewhere at the host/network perimeter
you can make a MACVLAN docker network using a script like this:
with the above you would custom-IP your containers in the range 192.168.0.32 - 192.168.0.62
the only real port you need is 8080; 6060 is for gathering metrics from CrowdSec into something like Grafana; 7422 is for AppSec, and you would have to be using an AppSec-capable bouncer integration via something like a Traefik plugin
there is a detail about setting up a multi-server setup: for your other CrowdSec installations you would disable the server component, and there the docker-compose.yml might look like this
Here we go, better commenting matching the main LAPI Engine CrowdSec docker-compose.yml before,
This docker-compose.yml is more of an 'Agent' docker-compose.yml: it will be configured to phone home to the LAPI as it promotes what it has parsed or seen on AppSec
Again, the only possible difficulty you would run into is port use, as you use Docker host/default-bridge networking
If you change a few ports for services and set up your "ports:" correctly, you should have no problem other than modifying a few more config files to use your non-default ports
ALSO, this setup uses an expected '.env' file next to your 'docker-compose.yml' file and the 'lapi' folder I reference in the volumes
be sure you create this file and use this kind of structure, when you "docker compose up -d" it will read the .env file and populate the vars
just be sure you write each KEY="value" on a new line
most of the files I refer to are available in '/etc/crowdsec' after a deploy, so it will deploy and be unconnected to CAPI and so on until you get your local config set up and working for you (look in '/var/lib/docker/volumes/...' for the files you might want to update or modify; just copy them and change ownership to the 'lapi' folder I reference in the docker-compose.yml examples)
there is an /etc/crowdsec/config.yaml.local you can set up to override settings, in case you don't want to fully replace/customize and track the otherwise in-image '/etc/crowdsec/config.yaml' file; you would just need to make it and load it via the volumes area for the container
that's a big knowledge drop, lmk if you have any questions
oh, and you could probably route at least 8080 to CrowdSec by way of Traefik HTTP, but you would likely need to do TCP for 6060 and 7422. I have no experience here trying to route CrowdSec through Traefik, just the Nginx/Plex/Gitlab stuff
I’m probably over complicating shit.
I’ll take a look at this a little later tonight
Best of luck
Also, if you are doing Traefik and CrowdSec, Traefik will also share metrics like CrowdSec will, just have to have a Grafana setup and collect those off their ports (6060 for CrowdSec, and whatever port you setup for your Traefik metrics)
can make troubleshooting either a lot easier ❤️
i haven't used grafana
Unknown User•6mo ago: Message Not Public
I run my CrowdSec DB in a Postgres database; this speeds things up a little, so I have some bits around that in a "config.yaml.local", also some flush bits
but for all the mods I load in, I do not go in and edit anything
Unknown User•6mo ago: Message Not Public
I did have to deploy a 'vanilla' env to get some of those config files... but after that, most are referenced in examples
feature.yaml:
Some of these might have excessive context... but so far so good:
volume-mount these at /etc/crowdsec/contexts/
and after all that, there are some things you just have to do via the CLI... so on the VM/metal running your Docker:
docker exec crowdsec cscli metrics
neat thing is, you just delete the volume in Portainer/your-docker-GUI and redeploy, good to go!
hey! My issue was the Cloudflare bouncer thread. But then I figured it out.
If you pay, you should be able to maintain quite a list there in Cloudflare to block with...
If not, once every 4 days is all you get at 10k max
Ok